There are many uses for digital certificates to identify entities. Some common uses of certificates include server-to-server authentication and establishing SSL connections from a Web site's server.
However, the use of digital certificates to identify the end user to a Web site, or to provide another set of one or more services to the user, has not been successful to date. One reason for the lack of success is the difficulty of transporting a user's private key and certificate between machines. If a user wants to use different machines to access a Web site, the user must transfer a certificate bound to that user to each machine the user will use.
Another reason for the lack of success is the difficulty of the infrastructure involved in deploying and maintaining the Certificate Authority and managing the certificate revocation list.
What is needed is a system and method that can use digital certificates to authenticate a user to allow the user to access services such as private areas of a Web site, without requiring a user to transfer a certificate to each of the different machines the user will use and without maintaining a separate certificate authority and revocation list dedicated to the Web site or other set of one or more services.